Income Verification

In Light of Equifax Breach: How to Ensure Maximum Security of Sensitive Data


Emptech's founder, Jeff Aleixo


Jeffrey Aleixo

Equifax breach data protection

Equifax, one of the biggest credit reporting agencies, reported on September 7, 2017, one of the largest data breaches in history which is now impacting half the U.S. population. Equifax reported that criminals “exploited a U.S. website application vulnerability to gain access to certain files.”

Equifax’s breach includes the compromise of the personal information of approximately 143 million individuals, as originally reported. However, as of October 15, CNN reported that there have now been another 2.5 million people breached. The breach includes information including social security numbers, birthdates, credit card numbers, and drivers’ licenses.

As to how much liability Equifax breach will cause, nobody really knows just yet. We do know, however, that the Federal Trade Commission (FTC) and many state attorney generals have already started proceedings against Equifax. “The FTC typically does not comment on ongoing investigations,” spokesman Peter Kaplan wrote in an email to Reuters. “However, in light of the intense public interest and the potential impact of this matter, I can confirm that FTC staff are investigating the Equifax breach.” In addition, almost 40 states have joined an investigation into Equifax’s business practices.

More recently, Equifax’s cybersecurity has come under fire, stating the core of the compromise was due to a vulnerability in Apache’s open-source Struts software. First discovered earlier this year, the vulnerability was patched in March, months before the beginning of the Equifax compromise. Had the company patched the software when a fix first became available, the Equifax breach could have been averted.

Use automated online system to shift the costs away from your company and protect your employees from abuse by providing them with guaranteed security.

Emptech Entices Lawmakers to Improve Sensitive Data Regulations

Emptech has sent a letter to Congresswoman Waters and Senator Mark Warner, asking for national reporting reform legislation and stricter laws on more timely notifications to the public when data breaches, such as the one with Equifax occur. Currently, California only states that a “timely” notification needs happen. This, of course, is the equivalent of not saying anything at all, because there is nothing to be enforced here. Emptech is urging federal lawmakers to move swiftly to enact laws that require all states to move to a public announcement within 72 hours regarding any security breach discovery of sensitive consumer data.

Thus far, lawmakers on both the federal and state level have not been strict enough about regulating data firms that hold sensitive consumer data. Right now, states such as Connecticut, Florida, Maine, New Mexico, Ohio, Rhode Island, Tennessee, and Vermont — have mandated deadlines on how fast an organization needs to inform consumers of a breach. And with each passing day, we see a changing landscape as our states and nation wrap their hands around rapid needed change.

Sensitive Data Protection as Top Priority

In light of the Equifax breach, let me assure you that the security of our Verifyfast customer data is our top priority.

As Verifyfast is one of our top brands at Emptech, we take seriously the sensitive data of others.

All sensitive portions of this website such as customer logins and account information make use of the Internet-standard Secure Sockets Layer (SSL), which securely encrypts information between Verifyfast servers and our customers.

We make extensive use of industry-standard best practices when safeguarding information stored on Verifyfast servers, databases, and backups. This includes, but is not limited to: encrypted transmission of any customer data, secure storage of said data, network and host firewalls, intrusion prevention systems, disaster recovery solutions, and much more. Additionally, all Verifyfast servers are housed in secure SSAE 16 and SOC 2 audited facilities and are protected against disasters such as power loss, fires, flooding, and others.

We are committed to continually monitoring the integrity of our data, systems, and networks. We routinely audit our security practices and revise them, adding complementary processes and technologies as needed.

Outsource your verification of income and employment and reduce costs while protecting sensitive employee data.
The information contained within this document is general in nature and is not intended and should not be construed as legal, HR, or opinion by Emtpech. Please contact Emptech or another subject matter professional prior to acting on any information provided in this document. We recommend caution when contemplating acting on any information provided in this document as it may not be applicable or suitable for the specific viewer’s needs. Emptech assumes no obligation to update any viewer of any changes in law, rule, or regulation that could affect the information contained herein. Without express written permission from Emptech, no part of this document may be reproduced, retransmitted, or otherwise redistributed in any form or by any means, including, but not limited to photocopying, electronic, facsimile transmission, or using any other information storage and retrieval system.